Client Security


Before diving into the Outlook object model in the next chapter, we first need to look at some of the security features in Outlook that will affect your programming. You have probably heard of the Melissa, ILoveYou, and Funlove viruses that spread like wildfire across the Internet. Because Outlook's flexibility enables such viruses and worms to spread quickly when unsuspecting users click on items, Outlook restricts access to particular objects, methods, and properties in its object model. Outlook also restricts the file types that users can click on and open.

The Outlook Security Update

Outlook provides a powerful programming environment, but without safeguards, malicious code can use the extensible environment of Outlook to facilitate the creation and spread of computer viruses. Microsoft developed the Outlook Security Update to limit the exposure of typical end users to computer viruses and to help protect them from spreading viruses inadvertently.

The security update is available for Outlook 98, Outlook 2000, and Outlook 2002. It restricts not only Outlook but also CDO 1.21. It is automatically included with Outlook 2002 and 2003. For earlier versions of Outlook, you must download the security update and install it on your client.

The security update includes attachment precautions and object model guards, and it allows the administrator of a system to force end users to respect a certain level of security in their Outlook clients. The only issue with this level of control, as you'll see shortly, is that it is available only when Outlook users connect to Exchange Server and their messages are delivered to a server mailbox and not a PST. (An offline store (.ost) behaves like a server mailbox because the security settings folder is automatically synchronized with the offline store in Outlook.)

More Info  

The book's companion content contains links to Microsoft Knowledge Base articles and tools to help you better understand and administer the new security model.

Attachment Security

E-mail viruses spread on the Internet mainly by users double-clicking on executables or scripts that they receive in e-mail. To counter this, the Outlook Security Update implements stringent attachment handling. Outlook uses levels to rank attachment types. It blocks Level 1 attachment types from the user interface, as shown in Figure 5-3. It also blocks programmatic access to Level 1 attachments. These attachments are still stored in Exchange and can be accessed by non-Outlook clients such as Outlook Web Access (OWA). However, Microsoft is working to secure OWA with the same security that you find in Outlook. (Note that custom forms do not support the Infobar shown in Figure 5-3; this means your users will not know that an unsafe attachment was included in the message or, for that matter, that the item had any attachment at all.)

Figure 5-3: Outlook blocks potentially dangerous attachments.

Level 2 attachments must be saved to disk before being opened. This extra step encourages users to think about the attachment before simply double-clicking on it to run it. Figure 5-4 shows the interface for saving an attachment to disk.

Figure 5-4: Saving an attachment to disk

In addition to blocking attachments, Outlook displays a warning to users if they attempt to send a message with what might be an unsafe attachment (as shown in Figure 5-5). As a result, users might think twice before sending potentially unsafe materials, and they will know that if a virus somehow got through the safeguards in Outlook, they might be unintentionally sending something harmful.

Figure 5-5: Outlook displaying a dialog box warning users about sending potentially unsafe attachments

Outlook also blocks in-place activation of embedded OLE objects. For example, if you insert an Excel spreadsheet in a rich-text message and send the message, the object will be received as read-only; the user cannot activate the object within the message window.

The book's companion content lists the attachment file extensions defined as Level 1 and Level 2. Many of the extensions that are blocked are obvious, such as .exe, .vbs, .bat, .cmd, and .com. Others aren't as familiar, such as .shs, .scr, .mst, and .mdz.

Object Model Security

Virus writers need a way to automate the distribution of their viruses; their intent is not to infect only a single machine. To achieve the greatest distribution with the least amount of suspicion, virus writers sometimes programmatically check each recipient's Outlook address book and send the virus to the first 50 recipients found. The recipient sees a message from a contact or a fellow employee, with some friendly text in the subject line, and opens the attachment. The virus then looks up another 50 addresses and continues replicating. You can see the snowball effect this mechanism has.

Virus writers can accomplish all this because of the robust object model in Outlook. To safeguard against this type of access, Outlook, CDO, and Simple MAPI have been beefed up with security features. The Outlook object model, and Outlook itself, communicates with Exchange Server through MAPI, specifically Extended MAPI, the C++ programming interface for MAPI. Extended MAPI does not have security features built in because most virus writers are not C++ developers; they use script or Visual Basic instead. If you need to "get around" the security features in Outlook, you can write directly to Extended MAPI. Simple MAPI is a simplified version of MAPI that Outlook Express and the Office applications use when you send an e-mail message through those applications.

Chapters 11 and 12 cover CDO in detail. However, just so you know, the secure version of CDO is labeled CDO 1.21s, and the unsecured version is simply CDO 1.21. Only the security update has the secured version; Exchange Server does not install the secured version on the server.

Any application you develop that uses either of these object models is restricted. Outlook forms, COM add-ins, VBA code, folder home pages, and other programs must take into account the security restrictions. Table 5-1 lists the Outlook object model objects and the properties and methods of those objects that trigger the security restrictions and prompt the user to continue or cancel.

Table 5-1: Restricted Properties and Methods in Outlook

Object | Properties | Methods
Action | (none) | Execute
AddressEntries | All | All
AddressEntry | All | All
AppointmentItem | Body, Organizer, RequiredAttendees, OptionalAttendees, Resources, NetMeetingOrganizerAlias | Respond, SaveAs, Send
ContactItem | Body (2003 only), Email1.Address, Email1.AddressType, Email1.DisplayName, Email1.EntryID, Email2.Address, Email2.AddressType, Email2.DisplayName, Email2.EntryID, Email3.Address, Email3.AddressType, Email3.DisplayName, Email3.EntryID, HTMLBody, IMAddress, NetMeetingAlias, ReferredBy | SaveAs
DocumentItem | Body | (none)
DistListItem | (none) | GetMember, SaveAs
ItemProperties | Any restricted property mentioned in this table, since ItemProperties lists all properties on a particular item. For example, the To, CC, and SenderName properties are restricted directly on the MailItem object and through the MailItem object's ItemProperties collection. | (none)
JournalItem | Body, ContactNames | SaveAs
MailItem | Body, HTMLBody, ReceivedByName, ReceivedOnBehalfOfName, ReplyRecipientNames, SentOnBehalfOfName, SenderName, To, Cc, Bcc | SaveAs, Send
MeetingItem | Body, SenderName | SaveAs
Namespace | CurrentUser | GetRecipientFromID
NoteItem | Body | (none)
PostItem | Body, HTMLBody, SenderName | SaveAs
Recipient | All | All
Recipients | All | All
RemoteItem | Body | (none)
ReportItem | Body | (none)
TaskItem | Body, ContactNames, Contacts, Delegator, Owner, StatusUpdateRecipients, StatusOnCompletionRecipients | SaveAs, Send
TaskRequestItem, TaskRequestAcceptItem, TaskRequestDeclineItem, TaskRequestUpdateItem | Body | (none)
UserProperties | (none) | Find
UserProperty | Formula | (none)

If you attempt to use a restricted method, Outlook will display a warning dialog box. For example, if you attempt to look up a recipient and then attempt to call the Send method of an e-mail item programmatically, you will receive the e-mail address dialog box shown in Figure 5-6 and then the Send dialog box shown in Figure 5-7.

Figure 5-6: The address access dialog box

Figure 5-7: The dialog box that appears if you try to call Send programmatically

Because a user can click No in either of these dialog boxes, you must program defensively to make sure your code can handle the user's rejection and not fail or crash. We will look at how to program for the security update later in this chapter.
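The following routine is an added example, not code from the book, of the defensive style the preceding paragraph calls for: it resolves a recipient and calls Send, and if the user clicks No in either prompt (Figure 5-6 or Figure 5-7) it reports the failure and returns False rather than letting the host crash. It assumes it runs inside Outlook VBA, where Application is the Outlook.Application object; the address and subject are constructed sample values, and the error number Outlook raises on a rejected prompt is not given in the book, so the handler traps any runtime error.

```vba
' Added example, not code from the book: an Outlook VBA routine that resolves a
' recipient and calls Send while tolerating the user clicking No in either prompt.
' Assumptions: it runs inside Outlook VBA (Application is Outlook.Application);
' the address and subject passed in are constructed sample values.
Public Function SendWithGuardHandling(ByVal addressToResolve As String, _
                                      ByVal subjectText As String) As Boolean
    Dim mail As Outlook.MailItem
    Dim rcp As Outlook.Recipient

    On Error GoTo GuardDenied

    Set mail = Application.CreateItem(olMailItem)
    mail.Subject = subjectText

    ' Recipients and Recipient are listed as fully restricted in Table 5-1, so the
    ' address access prompt (Figure 5-6) can appear on Add/Resolve.
    Set rcp = mail.Recipients.Add(addressToResolve)
    If Not rcp.Resolve Then
        ' Not a guard rejection: the name simply did not resolve.
        Debug.Print "Could not resolve " & addressToResolve
        SendWithGuardHandling = False
        Exit Function
    End If

    ' Send is restricted too (Figure 5-7). If the user clicks No, Outlook raises a
    ' runtime error here instead of sending.
    mail.Send
    SendWithGuardHandling = True
    Exit Function

GuardDenied:
    ' The book does not give the error number Outlook raises on a rejected prompt,
    ' so this handler traps any runtime error, logs it, and fails cleanly instead
    ' of crashing the host application.
    Debug.Print "Send cancelled or blocked: " & Err.Number & " - " & Err.Description
    SendWithGuardHandling = False
End Function

' Usage with constructed values:
Public Sub DemoSend()
    If Not SendWithGuardHandling("someone@example.com", "Weekly status") Then
        MsgBox "The message was not sent.", vbInformation
    End If
End Sub
```

The point of the structure is that every restricted call sits inside the On Error scope and every exit path sets the return value, so a caller only ever has to test a Boolean.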

Note  

You can use the WordEditor property of an Outlook Inspector object to trigger security warnings.

CDO Security

In addition to protecting the Outlook object model, the security update also protects CDO. The new version of CDO, CDO 1.21s, has safeguards in its object model to protect against virus writers. Unfortunately, if you programmatically query the version using the CDO Session object, you will still get CDO 1.21. If you look at the DLL itself, however, you can see that the version is CDO 1.21s. Furthermore, the CDO update is only for clients. Do not attempt to change the version of CDO on your Exchange servers until the appropriate server patch comes out.

Table 5-2 lists the objects, methods, and properties that are restricted in CDO.

Table 5-2: Restricted Properties and Methods in CDO

Object | Properties | Methods
AddressEntries | Item | Add, GetFirst, GetLast, GetNext, GetPrevious
AppointmentItem | Field properties listed under Fields | (none)
Fields | PR_SENT_REPRESENTING_ENTRYID, PR_SENT_REPRESENTING_SEARCH_KEY, PR_SENT_REPRESENTING_NAME, PR_SENT_REPRESENTING_ADDRTYPE, PR_SENT_REPRESENTING_EMAIL_ADDRESS, PR_SENDER_ENTRYID, PR_SENDER_SEARCH_KEY, PR_SENDER_NAME, PR_SENDER_ADDRTYPE, PR_SENDER_EMAIL_ADDRESS, PR_DISPLAY_TO, PR_DISPLAY_CC, PR_DISPLAY_BCC, PR_ORIGINAL_DISPLAY_TO, PR_ORIGINAL_DISPLAY_CC, PR_ORIGINAL_DISPLAY_BCC | (none)
Folder | Messages (folder containing contact items only) | (none)
Message | Field properties listed under Fields, Sender | Send (when the ShowDialog parameter is set to False)
Recipients | Item | Add, AddMultiple, GetFirstUnresolved, GetNextUnresolved, Resolve
Session | CurrentUser | GetAddressEntry, GetRecipientFromID

As with Outlook, in CDO you must program defensively when you use these methods or properties because the user can click No in any of the popup dialog boxes. If the user does click No, CDO will return the error E_ACCESSDENIED, which is &H80070005.

Furthermore, as in Outlook, CDO does not allow you to programmatically access Level 1 attachments. The attachment count will return 0 if only unsafe attachments are in the collection.
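The following code is an added example, not code from the book, covering the two CDO points above: it traps E_ACCESSDENIED (&H80070005) when the user declines the prompt raised by Session.CurrentUser, and it shows why an Attachments.Count of 0 must be read as "no accessible attachments" rather than "no attachments". It assumes a VBA project with a reference to the Microsoft CDO 1.21 Library and a default MAPI profile that connects to Exchange Server; the function and procedure names are my own.

```vba
' Added example, not code from the book: CDO 1.21s code that handles the user
' clicking No (E_ACCESSDENIED, &H80070005) and checks whether a message's
' attachments are all Level 1, in which case Attachments.Count is 0.
' Assumptions: a VBA reference to "Microsoft CDO 1.21 Library" and a default
' MAPI profile that connects to Exchange Server.
Private Const E_ACCESSDENIED As Long = &H80070005

' Returns the current user's address, or "" if the user declined the prompt.
Public Function CurrentUserAddress(ByVal cdoSession As MAPI.Session) As String
    Dim entry As MAPI.AddressEntry
    On Error GoTo Failed
    ' Session.CurrentUser is restricted (Table 5-2) and can show a prompt.
    Set entry = cdoSession.CurrentUser
    CurrentUserAddress = entry.Address
    Exit Function
Failed:
    If Err.Number = E_ACCESSDENIED Then
        CurrentUserAddress = ""      ' user clicked No; caller must cope with an empty value
    Else
        Err.Raise Err.Number, Err.Source, Err.Description   ' anything else is a real fault
    End If
End Function

' Returns True when CDO can see at least one attachment on the message. Because
' Level 1 attachments are hidden from CDO, a Count of 0 does not prove the
' message carries no attachment at all; it proves only that none is accessible.
Public Function HasAccessibleAttachments(ByVal msg As MAPI.Message) As Boolean
    HasAccessibleAttachments = (msg.Attachments.Count > 0)
End Function

Public Sub DemoCdo()
    Dim cdoSession As MAPI.Session
    Dim msg As MAPI.Message

    Set cdoSession = New MAPI.Session
    ' Logon arguments: ProfileName, ProfilePassword, ShowDialog, NewSession
    cdoSession.Logon , , False, False

    Debug.Print "Current user: " & CurrentUserAddress(cdoSession)

    Set msg = cdoSession.Inbox.Messages.GetFirst
    If Not msg Is Nothing Then
        If HasAccessibleAttachments(msg) Then
            Debug.Print "First inbox message has " & msg.Attachments.Count & " accessible attachment(s)"
        Else
            Debug.Print "No accessible attachments (any Level 1 attachments are hidden from CDO)"
        End If
    End If

    cdoSession.Logoff
End Sub
```

Only E_ACCESSDENIED is swallowed; every other error is re-raised so that a genuine MAPI failure is not mistaken for the user simply saying No.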

Other Limitations

The Outlook Security Update also limits a number of developer features:

  • One-off forms no longer run scripts.     Outlook allows you to save the form definition and code with an item and send that item to others. If you do this in versions of Outlook previous to Outlook 2002, the user is prompted to choose whether to run any VBScript behind the one-off item. In Outlook 2002 and later, the VBScript behind all one-off items is disabled. The only way around this limitation is to publish the form to a trusted forms library, such as the personal, folder, or organizational forms library, or to change the default security settings by using the administrative security package described later in this chapter.

  • You can no longer use the Execute method to programmatically click the Send button on the Outlook toolbar.     Although most solutions don't use this approach (they use the Send method instead), this change was made to stop anyone from trying to hack around the security update.

  • Use of the SendKeys method is restricted.     Visual Basic and VBA allow you to send keyboard commands to running applications by using the SendKeys method. Outlook displays warning dialog boxes if a program attempts to use SendKeys to perform restricted functions. Also, Outlook does not support using SendKeys to dismiss the warning dialog boxes; this prevents virus writers from programmatically dismissing these warnings before the user sees them.

  • Macro security for all Office applications except Access is set to High.     All Office applications except Access, which does not support macro security settings, have their macro security settings set to High by default. This setting means that you must either lower your settings to run VBA code in Outlook or move your VBA code to a COM add-in. (The fact that Access does not support macro security settings is the reason that all Access file extensions are included in the blocked attachments list.)

  • HTML mail is restricted.     By default, Outlook uses the Restricted Sites security zone in Microsoft Internet Explorer to display HTML mail. This setting stops scripts in HTML mail from running and ActiveX controls from being enabled.




Programming Microsoft Outlook and Microsoft Exchange 2003
Programming Microsoft® Outlook® and Microsoft Exchange 2003, Third Edition (Pro-Developer)
ISBN: 0735614644
EAN: 2147483647
Year: 2003
Pages: 227
Authors: Thomas Rizzo
